18:28:57 #startmeeting autuminal cleaning, for crosbymichael
18:28:57 Meeting started Mon Oct 5 18:28:57 2015 UTC. The chair is vbatts|work. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:28:57 Useful Commands: #action #agreed #help #info #idea #link #topic.
18:28:57 The meeting name has been set to 'autuminal_cleaning__for_crosbymichael'
18:29:14 there's not an "i" in autumnal
18:29:16 w/e
18:29:33 https://github.com/opencontainers/specs/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-asc
18:29:33 Let's start from the bottom up
18:29:37 Sounds good
18:29:46 PRs, not issues?
18:29:58 k
18:30:05 https://github.com/opencontainers/specs/pulls?q=is%3Aopen+sort%3Aupdated-asc+is%3Apr
18:30:16 #topic least recently updated PRs
18:30:20 https://github.com/opencontainers/specs/pulls?q=is%3Aopen+sort%3Aupdated-asc+is%3Apr
18:30:23 https://github.com/opencontainers/specs/pull/101
18:31:21 crosbymichael: Either is fine
18:31:32 I think we may be able to close out some issues too
18:31:43 we can start with PRs, then move onto issues
18:31:47 #101 still needs edits to the Go before merging, but review on the Markdown seemed like something that should happen first
18:32:06 crosbymichael: Sounds good
18:32:16 Ok, let's review #101
18:32:56 yeah
18:33:01 It needs rebase
18:33:10 Looking at the content now
18:33:33 ya, let's mostly review content
18:34:26 wking: why would Go code need changed?
18:34:31 Go comments
18:35:42 but if we want to leave the required-ness out of the Go comments, we could leave them alone
18:37:00 although if, e.g. uid is optional, we probably can't use a uint32 for it (and would need to use a pointer, or special-case a particular value, or whatever to mark "not set")
18:37:41 it's not optional
18:38:04 and it does not need a pointer because the zero value is valid
18:38:28 it is optional, because it makes no sense for a cgroup-only entry
18:38:43 then ur pr is probably wrong
18:38:45 like this one: https://github.com/opencontainers/specs/pull/101/files#diff-428eec4013a655816cdefafd5d3505f1R87
18:39:27 possibly ;). My preferred approach was #99, which separated cgroup handling from mknod handling
18:39:41 #101 just documents the current overloaded approach
18:40:09 what would uid be used for for that cgroup-only entry (https://github.com/opencontainers/specs/pull/101/files#diff-428eec4013a655816cdefafd5d3505f1R87)?
18:43:47 anyhow, back to work for me ;). Good luck with the review :)
18:44:18 crosbymichael: The question is whether we should combine the two or it makes more sense to separate
18:44:35 maybe if we want to review creation and permissions together being an issue we couldn't merge and look into that
18:45:35 yeah, maybe punt on this one
18:45:45 lk4d4: can give his thoughts when he has time :)
18:46:00 k. i'm back
18:47:11 next one
18:47:21 https://github.com/opencontainers/specs/pull/126
18:47:30 #topic https://github.com/opencontainers/specs/pull/126
18:47:57 -1 the file names are what they are supposed to be in Go
18:48:00 with _ not -
18:48:02 this one looks outdated
18:48:23 yeah
18:48:28 should close for now
18:48:30 even if it was updated still -1
18:48:40 you name files in go with _ not -
18:48:42 also, likely to change with my "top down" effort
18:48:44 because builds would work
18:48:47 yes
18:48:49 crosbymichael: yep
18:49:13 want me to comment?
18:49:20 vbatts|work: yes
18:49:28 comment and close
18:50:24 next https://github.com/opencontainers/specs/pull/127/files
18:50:30 #topic https://github.com/opencontainers/specs/pull/144
18:50:35 this one just needs a rebase
18:51:19 yep
18:51:24 What about 127?
18:52:40 maybe we should just make the change ourselves for 127 and merge it and close
18:52:50 crosbymichael: okay
18:53:35 i can do it
18:53:42 alright
18:54:10 next
18:54:29 #topic https://github.com/opencontainers/specs/pull/133/files
18:54:49 I think this one probably needs more discussion on the mailing list.
18:54:58 i think that is being discussed on the mailing list and i don't see it being merged yet
18:55:09 okay next
18:55:13 so close
18:55:14 ?
18:55:20 that's tough.
18:55:41 what is?
18:55:59 there is a story there. but this mounting of qcow right in the config seems too much
18:56:05 yes
18:56:13 can open a new one once there is agreement
18:56:35 perhaps there is a space for vendor custom config, but otherwise there the standard minimal core
18:57:12 eww
18:57:22 Nothing blocks someone from encoding the source path today. Just the language and long direction need to be figured out w.r.t. hypervisors.
18:58:54 closing/ not closing?
18:59:19 I am okay keeping it as is for now. We can revisit it next time we do a sweep.
19:00:16 it would be nice to keep the issue tracker and PRs under control
19:00:29 okay, let's close it then
19:00:33 I can comment and close
19:00:34 makes it easier for reviewers and new ppl
19:00:36 i did
19:00:40 next
19:00:41 :D
19:00:57 we don't want the type of volume that docker has, 150 open PRs and 75-120 new / week
19:01:27 Makes sense
19:01:59 #topic https://github.com/opencontainers/specs/pull/142
19:02:01 LGTM
19:02:37 +1
19:03:13 next
19:03:24 #topic https://github.com/opencontainers/specs/pull/171/files
19:04:01 up to u vbatts|work
19:04:16 Looks like it should be split up and updated
19:04:19 hmm. the rebase needed makes this confusing
19:04:23 Seems all over the place
19:05:10 * vbatts|work compares to master
19:06:38 but the namespace mapping isn't in the runtime. it is in the config
19:06:52 ... but _should_ that be runtime specific?
19:07:17 yes
19:07:20 perhaps the container-config makes the ask for a uid/gid to be namespaced
19:07:32 and the runtime-config records the uid/gid it is mapped to?
19:08:04 i g2g
19:08:06 vbatts|work: No, the mappings are exact
19:08:13 crosbymichael: Alright cyl
19:08:16 whatever you two decide will be perfect
19:08:17 ;)
19:08:20 Ha :D
19:08:20 heh
19:08:41 vbatts|work: It isn't like cgroups..
19:08:47 mrunalp: so if 0 in the container is 2000 on the host, it will have to be 2000 on every/any host?
19:09:10 yes, according to our config
19:09:12 it seems like it could eventually be a relative configuration.
19:09:36 Still a runtime decision I think
19:10:17 but then the immutable config ought not choose the uid/gid on the host which would be mapped to
19:11:33 i could imagine some priv-escalation, where a container could specify that it is to be mapped to ... uid 62, and then if somehow escalated it could access anything httpd has rights to
19:11:37 who knows
19:12:02 mrunalp: want to comment on this PR?
19:12:28 vbatts|work: Sure
19:12:58 vbatts|work: I have a call coming up but I will comment on this PR. Maybe have another session later or tomorrow?
19:13:21 k
19:13:25 #endmeeting